The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

CVE-2025-59528 exploited in Flowise for over six months across 12,000+ exposed instances, enabling full system compromise.

Threat actors have started exploiting CVE-2025-59528, a critical Flowise vulnerability leading to remote code execution.

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

Wasm, PGlite, OPFS, and other new tech bring robust data storage to the browser, Electrobun brings Bun to desktop apps, ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Researchers who identify and report bugs in open-source software will no longer be rewarded by the Internet Bug Bounty team.

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

The Internet Bug Bounty program has paused new submissions, citing a massive expansion in vulnerability discovery by AI code ...